It is frustrating when your antivirus protection stops you from visiting a website that you know and trust, but these days even the most popular websites can fall prey to attacks.
This week security researchers discovered booby-trapped advertisements on popular websites including eBay, The Drudge Report, weather.com, and AOL. The ads, some of which can be initiated by a drive-by attack without the user’s knowledge or even any action, infected computers with adware or locked them down with ransomware.
Computer users running older browsers or unpatched software are more likely to get infected with malware just by visiting a website. Avast blocks these infected ads, but to be safe, please use the most updated version. To update your Avast, right-click the Avast Antivirus icon in the systems tray at the bottom-right corner of your desktop. From the menu, select Update.
“This kind of malvertising is a fairly easy way for cybercriminals to deliver adware or another malicious payload. Many websites sell advertising space to ad networks then deliver the targeted ads to your screen,” said Avast Virus Lab researcher Honza Zika. “All Avast users with current virus databases are fully protected against this attack, but those without protection or up-to-date security patches run the risk of being infected with ransomware.”
Malicious ads have appeared on legitimate websites for years now. In 2010, Jiri Sejtko, the director of Avast Virus Labs reported on ads poisoning and predicted that “The ad infiltration method is growing in popularity alongside with the web site infections. Now we are facing probably the biggest ad poisoning ever made.” In the years following, many legitimate sites have suffered this attack notably Reuters, Yahoo, and Youtube.
For a more technical explanation of how infected ad networks work, read the study done by Avast Virus Lab analysts, Malvertising and OpenX servers.
How to protect yourself from infected ad networks
Since infected ads can appear on legitimate sites that you normally visit with no problem, you have to trust your antivirus protection to do it’s job. Here are some steps you ca take to protect yourself’
- 1. Make sure your antivirus protection is up-to-date and that you have applied security patches to software.
- 2. Disable Adobe Flash and Java. Cybercrooks often exploit the vulnerabilities in these services.
- 3. It may seem drastic, but you can even get an Ad-blocker browser plug-in to stop all ads from showing. The downside is that you miss something that could actually be useful.